MANDIANT Redline New Release

Mandiant has just released a new version of Redline, free software that you can use for incident handling. The utility allows users to investigate and report on any compromised system. Usually you need to verify changes in the system to understand what really happened during the attack.

Screenshot of the Redline interface

After installing Redline you have several options: you can start a fresh scan of the local system or local memory, supply the tool with a saved memory file, or open a previously saved analysis. This makes the free tool very flexible and well suited to examiners.

Many people will ask what kind of information the tool will find. The answer is the following: